Dark Reading

Attackers Abuse Python, Cloudflare to Deliver AsyncRAT

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...

Use Classic Outlook? This Microsoft bug might stop you from opening encrypted emails

The problem happens for users who encrypt the email using the settings under the email File dialog (File > Encrypt), ...
Security Boulevard

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Critical105Important0Moderate0LowMicrosoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, ...

Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list

CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the ...
CSO Online

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, ...

CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks

CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in ...
FinanceFeeds

SlowMist Issues Security Alert Over Remote Code Execution Risks in Vibe Coding Tools

Blockchain security firm SlowMist has issued an urgent warning to the developer community regarding a sophisticated new attack vector targeting users of "vibe ...

Astaroth banking malware returns with WhatsApp-based worm targeting Brazil

Dubbed “Boto-Cor-de-Rosa,” the new campaign includes the addition of a WhatsApp web-based worm that allows the malware to spread itself by using a victim’s WhatsApp contacts versus previous Astaroth ...
CMU School of Computer Science

Databases in 2025: A Year in Review

The world tried to kill Andy off but he had to stay alive to to talk about what happened with databases in 2025.